Restrictions to data transmission

ABSTRACT

Data received at, or created on, a device may be tagged as corporate dependent upon a service over which the data is received or an application in which the data is created. When a user attempts to insert tagged data into a data item that is to be transmitted by the device, the insertion may be prevented. Similarly, the transmission of tagged data may be restricted to only occur on a secure service.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application claims priority to U.S. Provisional PatentApplication No. 61/408,992, filed Nov. 1, 2010, the contents of whichare hereby incorporated herein by reference.

FIELD

The present application relates generally to data transmission and, morespecifically, to applying restrictions to such transmission.

BACKGROUND

Increasingly, individuals are required by an employer to carry andutilize a mobile communication device capable of such communication asplacing and receiving telephone calls as well as sending and receivingelectronic messages including, for example, e-mail messages, shortmessaging service (SMS) messages, multimedia messaging service (MMS)messages, instant messaging messages, calendar event invitations,address book entries, etc. Furthermore, to assist in time management,such devices also execute a calendar application, and to assist incontact management, such devices also maintain a contact database.

Notably, rather than carry one device for corporate communication and asecond device for personal communication, individuals are opting tomanage both corporate and personal communication on a single device. Amixing of corporate and personal data that inevitably occurs on suchdevices may be seen as problematic for some corporate entities.

BRIEF DESCRIPTION OF THE DRAWINGS

Reference will now be made, by way of example, to the accompanyingdrawings which show example implementations; and in which:

FIG. 1 illustrates a mobile communication device;

FIG. 2A illustrates example steps in a method of facilitating dataprotection;

FIG. 2B illustrates example steps in an alternative method offacilitating data protection;

FIG. 3 illustrates example steps in another method of facilitating dataprotection;

FIG. 4 illustrates a message composition screen such as may be presentedon a display of the mobile communication device of FIG. 1; and

FIG. 5 illustrates example steps in another method of facilitating dataprotection.

DETAILED DESCRIPTION

Data received at, or created on, a device may be tagged as “corporate”,with the tagging dependent upon a service over which the data isreceived or an application in which the data is created. When a userattempts to paste data tagged in this manner into a data item that is tobe transmitted by the device, the transmission of the data may berestricted to only occur on a secure service.

According to an aspect of the present disclosure, there is provided amethod of facilitating data protection. The method includes receiving aninstruction to insert data into a data item, determining that a firstservice has been selected for transmission of the data item, determiningthat the data is associated with a second service and preventinginsertion of the data into the data item. In other aspects of thepresent application, a processor is provided for carrying out thismethod and a computer readable medium is provided for adapting aprocessor to carry out this method.

According to a further aspect of the present disclosure, there isprovided a method of facilitating data protection. The method includesreceiving an instruction to transmit a data item, determining that afirst service has been selected for transmission of the data item,determining that a portion of the data item is associated with a secondservice and preventing transmission of the data item. In other aspectsof the present application, a processor is provided for carrying outthis method and a computer readable medium is provided for adapting aprocessor to carry out this method.

Other aspects and features of the present disclosure will becomeapparent to those of ordinary skill in the art upon review of thefollowing description of specific implementations of the disclosure inconjunction with the accompanying figures.

FIG. 1 illustrates a mobile communication device 100 as an example of adevice that may be provided to users of a corporate network. The mobilecommunication device 100 includes a housing, an input device (e.g., akeyboard 124 having a plurality of keys) and an output device (e.g., adisplay 126), which may comprise a full graphic, or full color, LiquidCrystal Display (LCD). In some embodiments, the display 126 may comprisea touchscreen display. In such embodiments, the keyboard 124 maycomprise a virtual keyboard. Other types of output devices mayalternatively be utilized. A processing device (a microprocessor 128) isshown schematically in FIG. 1 as coupled between the keyboard 124 andthe display 126. The microprocessor 128 controls the operation of thedisplay 126, as well as the overall operation of the mobilecommunication device 100, in part, responsive to actuation of the keyson the keyboard 124 by a user.

The housing may be elongated vertically, or may take on other sizes andshapes (including clamshell housing structures). In the case in whichthe keyboard 124 includes keys that are associated with at least onealphabetic character and at least one numeric character, the keyboard124 may include a mode selection key, or other hardware or software, forswitching between alphabetic entry and numeric entry.

In addition to the microprocessor 128, other parts of the mobilecommunication device 100 are shown schematically in FIG. 1. These mayinclude a communications subsystem 102, a short-range communicationssubsystem 104, the keyboard 124 and the display 126. The mobilecommunication device 100 may further include other input/output devices,such as a set of auxiliary I/O devices 106, a serial port 108, a speaker111 and a microphone 112. The mobile communication device 100 mayfurther include memory devices including a flash memory 116 and a RandomAccess Memory (RAM) 118 and various other device subsystems 120. Themobile communication device 100 may comprise a two-way radio frequency(RF) communication device having voice and data communicationcapabilities. In addition, the mobile communication device 100 may havethe capability to communicate with other computer systems via theInternet.

Operating system software executed by the microprocessor 128 may bestored in a computer readable medium, such as the flash memory 116, butmay be stored in other types of memory devices, such as a read onlymemory (ROM) or similar storage element. In addition, system software,specific device applications, or parts thereof, may be temporarilyloaded into a volatile store, such as the RAM 118. Communication signalsreceived by the mobile device may also be stored to the RAM 118.

The microprocessor 128, in addition to its operating system functions,enables execution of software applications on the mobile communicationdevice 100. A predetermined set of software applications that controlbasic device operations, such as a voice communications module 130A anda data communications module 130B, may be installed on the mobilecommunication device 100 during manufacture. A data tagging module 130Cmay also be installed on the mobile communication device 100 duringmanufacture, to implement aspects of the present disclosure. As well,additional software modules, illustrated as an other software module130N, which may be, for instance, a personal information manager (PIM)application, may be installed during manufacture. The PIM applicationmay be capable of organizing and managing data items, such as e-mailmessages, calendar events, voice mail messages, appointments, addressbook entries and task items. The PIM application may also be capable ofsending and receiving data items via a wireless carrier network 170represented by a radio tower. The data items managed by the PIMapplication may be seamlessly integrated, synchronized and updated viathe wireless carrier network 170 with the device user's correspondingdata items stored or associated with a host computer system.

Communication functions, including data and voice communications, areperformed through the communication subsystem 102 and, possibly, throughthe short-range communications subsystem 104. The communicationsubsystem 102 includes a receiver 150, a transmitter 152 and one or moreantennas, illustrated as a receive antenna 154 and a transmit antenna156. In addition, the communication subsystem 102 also includes aprocessing module, such as a digital signal processor (DSP) 158, andlocal oscillators (LOs) 160. The specific design and implementation ofthe communication subsystem 102 is dependent upon the communicationnetwork in which the mobile communication device 100 is intended tooperate. For example, the communication subsystem 102 of the mobilecommunication device 100 may be designed to operate with the Mobitex™,DataTAC™ or General Packet Radio Service (GPRS) mobile datacommunication networks and also designed to operate with any of avariety of voice communication networks, such as Advanced Mobile PhoneService (AMPS), Time Division Multiple Access (TDMA), Code DivisionMultiple Access (CDMA), Personal Communications Service (PCS), GlobalSystem for Mobile Communications (GSM), Enhanced Data rates for GSMEvolution (EDGE), Universal Mobile Telecommunications System (UMTS),Wideband Code Division Multiple Access (W-CDMA), High Speed PacketAccess (HSPA), etc. Other types of data and voice networks, bothseparate and integrated, may also be utilized with the mobilecommunication device 100.

Network access requirements vary depending upon the type ofcommunication system. Typically, an identifier is associated with eachmobile device that uniquely identifies the mobile device or subscriberto which the mobile device has been assigned. The identifier is uniquewithin a specific network or network technology. For example, inMobitex™ networks, mobile devices are registered on the network using aMobitex Access Number (MAN) associated with each device and in DataTAC™networks, mobile devices are registered on the network using a LogicalLink Identifier (LLI) associated with each device. In GPRS networks,however, network access is associated with a subscriber or user of adevice. A GPRS device therefore uses a subscriber identity module,commonly referred to as a Subscriber Identity Module (SIM) card, inorder to operate on a GPRS network. Despite identifying a subscriber bySIM, mobile devices within GSM/GPRS networks are uniquely identifiedusing an International Mobile Equipment Identity (IMEI) number.

When required network registration or activation procedures have beencompleted, the mobile communication device 100 may send and receivecommunication signals over the wireless carrier network 170. Signalsreceived from the wireless carrier network 170 by the receive antenna154 are routed to the receiver 150, which provides for signalamplification, frequency down conversion, filtering, channel selection,etc., and may also provide analog to digital conversion.Analog-to-digital conversion of the received signal allows the DSP 158to perform more complex communication functions, such as demodulationand decoding. In a similar manner, signals to be transmitted to thewireless carrier network 170 are processed (e.g., modulated and encoded)by the DSP 158 and are then provided to the transmitter 152 for digitalto analog conversion, frequency up conversion, filtering, amplificationand transmission to the wireless carrier network 170 (or networks) viathe transmit antenna 156.

In addition to processing communication signals, the DSP 158 providesfor control of the receiver 150 and the transmitter 152. For example,gains applied to communication signals in the receiver 150 and thetransmitter 152 may be adaptively controlled through automatic gaincontrol algorithms implemented in the DSP 158.

In a data communication mode, a received signal, such as a text messageor web page download, is processed by the communication subsystem 102and is input to the microprocessor 128. The received signal is thenfurther processed by the microprocessor 128 for output to the display126, or alternatively to some auxiliary I/O devices 106. A device usermay also compose data items, such as e-mail messages, using the keyboard124 and/or some other auxiliary I/O device 106, such as a touchpad, arocker switch, a thumb-wheel, a trackball, a touchscreen, or some othertype of input device. The composed data items may then be transmittedover the wireless carrier network 170 via the communication subsystem102.

In a voice communication mode, overall operation of the device issubstantially similar to the data communication mode, except thatreceived signals are output to the speaker 111, and signals fortransmission are generated by a microphone 112. Alternative voice oraudio I/O subsystems, such as a voice message recording subsystem, mayalso be implemented on the mobile communication device 100. In addition,the display 126 may also be utilized in voice communication mode, forexample, to display the identity of a calling party, the duration of avoice call, or other voice call related information.

The short-range communications subsystem 104 enables communicationbetween the mobile communication device 100 and other proximate systemsor devices, which need not necessarily be similar devices. For example,the short-range communications subsystem may include an infrared deviceand associated circuits and components, or a Bluetooth™ communicationmodule to provide for communication with similarly-enabled systems anddevices.

It may be the case that a corporation wants to force users to usecorporate resources for corporate activity. For a first example, acorporation may wish to require that a corporate e-mail message be sentusing the corporate mail service, e.g., sent with a corporate e-mailaddress as the “From” address and using a corporate e-mail server. For asecond example, a corporation may wish to require that a corporatecalendar invitation be sent using the corporate mail service. Byrequiring that corporate resources be used for corporate activity, thecorporation can be seen to be taking steps to prevent accidental leakageof corporate data via communication channels over which the corporationhas no control. A corporation may, by forcing users to use corporateresources for corporate activity, maintain a system wherein suchcorporate activity may be tracked and audited.

In overview, it is proposed herein to transmit a policy to the mobilecommunication device 100. The policy establishes rules for the mobilecommunication device 100. The rules may include a rule that restrictstransmission of corporate data such that the transmission may only usesecure corporate channels.

During the course of normal use of the mobile communication device 100,data is received by, or created on, the mobile communication device 100.Upon creation or receipt, the microprocessor 128 may associate the datawith a service identifier. For example, if the data is deemed to becorporate, the data may be tagged with a service identifier thatidentifies the corporate nature of the data. The service identifierallows the mobile communication device 100 to control the manner inwhich the data may leave the mobile communication device 100. For oneexample, when data is received in a corporate e-mail message, the datamay simply comprise text in the body of the e-mail message. The e-mailmessage may be stored in memory 116, 118 on the mobile communicationdevice 100 associated with service identifier. Since the data has beenreceived in a corporate e-mail message, the service identifier withwhich the data is associated may be termed a “corporate serviceidentifier”.

FIG. 2A illustrates example steps in a method of facilitating dataprotection. Initially, the microprocessor 128 receives (step 202) datafrom the communication subsystem 102. The data may, for example,comprise an e-mail message with, or without, attachments.

Upon receiving (step 202), at the microprocessor 128, an e-mail messagefrom the communication subsystem 102, the microprocessor 128 maydetermine (204) the service through which the e-mail message has beenreceived. For one example, the service may be a public, free,advertising-supported e-mail service, such as Gmail™, and thedestination e-mail address may be “username@gmail.com”. For anotherexample, the service may be a private, corporate e-mail service, and thedestination e-mail address may be “username@corporation.com”.

Responsive to determining (204) the service through which the e-mailmessage has been received, the microprocessor 128 may, under control ofthe data tagging module 130C, associate (step 206) a service identifierwith the data. Such associating (step 206) of a service identifier withthe data may be considered, colloquially, as “tagging” the data.

An example service identifier may comprise an e-mail address.Accordingly, the microprocessor 128 may associate (step 206) serviceidentifier username@gmail.com with an e-mail message determined (204) tohave been received through the Gmail™ service. Similarly, themicroprocessor 128 may associate (step 206) service identifierusername@corporation.com with an e-mail message determined (204) to havebeen received through the corporate service.

Another example service identifier may comprise a globally uniqueidentifier associated with a service.

Notably, beyond the reception of an e-mail message, receiving (step 202)data from the communication subsystem 102 may relate to asynchronization of data items managed by the PIM application. Forexample, a calendar event may be inserted into a user's calendar byanother party, such as an assistant, so that data representative of thecalendar event may be received (step 202) by the microprocessor 128.Other data items managed by the PIM application that may be synchronizedbetween the mobile communication device 100 and a central server includecontact database (address book) entries and memos or notes.

To determine (step 204) that the data is corporate data, themicroprocessor 128 may, for example, rely on an indication, receivedfrom the communication subsystem 102, of the service through which thedata was received.

FIG. 2B illustrates example steps in an alternative method offacilitating data protection. Initially, the microprocessor 128 creates(step 212) data. The data may be created, for example, in an applicationexecuted on the microprocessor 128 and may be created, for example,responsive to user manipulation of user interface elements of the mobilecommunication device 100, such as the keyboard 124, the microphone 112or one or more of the auxiliary I/O devices 106. In the case wherein theapplication in which the data is created is associated with thecorporate service, the microprocessor 128, under the influence of codedefining the application, may automatically associate (step 214) acorporate service identifier with the data.

When tagged data is to be included in an e-mail message or calendarevent and has the potential to leave the mobile communication device100, the microprocessor 128 may arrange a presentation, on the display126, of a prompt that encourages the user to select a secure corporateservice to use when transmitting the data.

In an example scenario, an e-mail message may be received over acorporate service and, accordingly, may be tagged as corporate data. Auser may select a portion of text in the tagged e-mail message, cause amenu to appear and select a “copy” menu item from the menu, therebycopying the selected text to a software facility that can be used forshort-term data storage and/or data transfer between documents orapplications. Such a software facility is typically referred to as a“clipboard”. For consistency, the text copied to the clipboard may betagged as corporate data, based on the source of the text copied to theclipboard having been previously tagged as corporate data.

Responsive to the user selecting an insecure and/or non-corporateservice to use when transmitting the data, the mobile communicationdevice 100 will prevent the data from leaving the mobile communicationdevice 100. Conversely, if all the data involved is deemed to benon-corporate, then the user is free to choose any delivery mechanism.

FIG. 3 illustrates example steps in another method of facilitating dataprotection. Initially, while executing a given application, themicroprocessor 128 receives (step 302) an instruction to paste some datainto a data item being edited. The data item into which the data is tobe pasted may, for example, be an e-mail message, an SMS message, aninstant messenger message, a calendar event, an address book entry, etc.The microprocessor 128 then determines (step 304) whether a service hasbeen selected to transmit the data item being edited. Responsive todetermining (step 304) that a service has not been selected, themicroprocessor 128 may automatically select (step 306) the corporateservice and the paste operation may be allowed (step 312) to proceed.More generally, the pasting of data may be allowed after a selection ofa corresponding service that is authorized to deliver that data.

Upon determining (step 304) that a service has been selected, themicroprocessor 128 then determines (step 308) whether it is thecorporate service that has been selected to transmit the data item beingedited. Indeed, a given application may be capable of using both acorporate service and a public service, so that determining (step 308)whether the corporate service has been selected may involve determiningwhich of a plurality of services has been tentatively selected forcarriage of the data away from the mobile communication device 100.

Upon determining (step 308) that the corporate service has beenselected, the paste operation may be allowed (step 312) to proceed.

However, upon determining (step 308) that a service other than thecorporate service has been selected, the microprocessor 128 may thendetermine (step 310) whether the data that is to be pasted is corporatedata. One manner in which such a determination may be made is to processthe data to examine the service identifier associated therewith. Upondetermining (step 310) that the data to be pasted is not corporate data,e.g., determining that the service identifier associated with the datais not a corporate service identifier, the paste operation may beallowed (step 312) to proceed.

Upon determining (step 310) that the data to be pasted is corporatedata, e.g., determining that the service identifier associated with thedata is a corporate service identifier, the microprocessor 128 mayprevent (step 314) the paste operation from proceeding. In conjunctionwith preventing (step 314) the paste operation from proceeding, themicroprocessor 128 may arrange for presentation, on the display 126, ofa dialog box.

It may be that determining (step 308) that a service other than thecorporate service has been selected for transmission of a data item intowhich data is to be pasted, involves determining that the application isonly capable of transmission using a non-corporate service. That is,determining that the application is a non-corporate application. In sucha case, where it is determined that the application is a non-corporateapplication, the microprocessor 128 may not need to determine (step 310)whether the data that is to be pasted is corporate data beforepreventing (step 314) the paste operation from proceeding. That is, upondetermining that the application is a non-corporate application, themicroprocessor 128 may simply prevent (step 314) the paste operationfrom proceeding, as shown in a dashed line in FIG. 3.

In the art of user interfaces, the use of a dialog box to provideinformation to a user is well known. FIG. 4 illustrates a messagecomposition screen 400. The message composition screen 400 includes aFrom drop down menu 402 for specifying a “From” address. As aconsequence of selecting a “From” address using the From drop down menu402, a user effectively selects a service for use when transmitting themessage being composed in the message composition screen 400. Themessage composition screen 400 also includes an addressing region 404.The addressing region 404 includes one or more fields in which the usermay specify a recipient address for the message being composed in themessage composition screen 400. Overlaying the message compositionscreen 400 in FIG. 4 is a dialog box 406.

Although the dialog box 406 carries a message that reads “You cannotpaste into non-enterprise applications.”, other messages may be equallyvalid. For example, the message presented in the dialog box may comprisea prompt that encourages the user to select a secure corporate serviceto use when transmitting the data. Notably, such a prompt does notprevent accidental leakage of corporate data. However, if a leakage ofcorporate data occurs using transmission over a secure corporateservice, such a leakage may be more readily traced.

To stop a user from circumventing the method whose steps are presentedin FIG. 3 from selecting a corporate service, pasting, into a data itembeing edited, data that is associated with a corporate serviceidentifier and then changing the service to a public service beforearranging transmission of the data item being edited, a secondary checkmay be put in place.

FIG. 5 illustrates example steps in another method of facilitating dataprotection. Initially, while executing a given application, themicroprocessor 128 receives (502) an instruction to transmit a data itembeing edited. The data item to be transmitted may, for example, be ane-mail message, an SMS message, an instant messenger message, a calendarevent, an address book entry, etc. The microprocessor 128 thendetermines (504) whether the corporate service has been selected totransmit the data item being edited. Indeed, a given application may becapable of using both a corporate service and a public service, so thatdetermining (504) whether the corporate service has been selected mayinvolve determining which of a plurality of services has been selectedfor carriage of the data away from the mobile communication device 100.

Upon determining (504) that the corporate service has been selected, thetransmit operation may be allowed (step 508) to proceed.

However, upon determining (504) that a service other than the corporateservice has been selected, the microprocessor 128 may then determine(506) whether the data item that is to be transmitted includes corporatedata. One manner in which such a determination may be made is to processthe data to examine the service identifier associated therewith, asdescribed hereinbefore. Upon determining (504) that the data item to betransmitted does not include corporate data, e.g., determining that theservice identifiers associated with the data item or data included inthe data item are not corporate service identifiers, the transmitoperation may be allowed (step 508) to proceed.

Upon determining (506) that at least some of the data to be transmittedis corporate data, e.g., determining that a service identifierassociated with at least some of the data is a corporate serviceidentifier, the microprocessor 128 may prevent (step 510) the transmitoperation from proceeding. In conjunction with preventing (step 510) thepaste operation from proceeding, the microprocessor 128 may arrange forpresentation, on the display 126, of a dialog box, as discussedhereinbefore in conjunction with prevention of a pasting operation.

Conveniently, the mobile communication device 100 can continue to beused for personal purposes while providing the corporation a manner inwhich a likelihood of accidental leakage of corporate data may begreatly reduced.

While the foregoing example contemplates an attempt to paste tagged datainto an outgoing e-mail message, as person of ordinary skill in the artwill recognize that the prevention (step 310) of a paste operation orprevention (step 510) of a transmit operation may equally apply to otheroutgoing transmissions. For example, a user may manipulate the userinterface of the mobile communication device 100 to initiate theexecution of a calendar operation and may then create a calendar event.In conjunction with creating the calendar event, the user may specifyone or more invitees and may specify a service over which to transmit aninvitation to the calendar event. The user may be prevented from pastingdata into the calendar event in a case wherein the data is associatedwith a corporate service identifier and the service that is to be usedto transmit the invitation is not a corporate service.

Creation of data may involve various aspects of hardware included in themobile communication device 100. For example, where the mobilecommunication device 100 include a camera (not shown), creation of dataon the mobile communication device 100 may involve capturing a stillphotograph or a video. Similarly, creation of data on the mobilecommunication device 100 may involve capturing a sound recording usingthe microphone 112. By default, such created data may be tagged ascorporate and, accordingly, be subject to the same restrictions to whichreceived data is subject. Alternatively, Global Positioning System (GPS)hardware (not shown) on the mobile communication device 100 may beactive while data is being created on the mobile communication device100 and created data may only be tagged with a corporate serviceidentifier when the data is created within one or more pre-definedgeographic boundaries.

A forwarding operation performed on a received e-mail message may beconsidered similar to a paste operation. Indeed, though not specificallydirected by a user, data from the received e-mail message may be copiedto a clipboard and pasted into a new outgoing message when a userindicates a request to forward the received e-mail message. In the casewherein the received e-mail message has been received over the corporateservice, the e-mail application handling the request to forward thereceived e-mail message may default the service for the new outgoingmessage to the corporate service. However, as illustrated in FIG. 4, theuser may employ the From drop down menu 402 to select an alternativeservice. Responsive to such a selection, the microprocessor 128 mayprevent (step 310) composition and transmission of the new outgoingmessage from proceeding. The microprocessor 128 may accomplish suchpreventing (step 310) by overlaying the message composition screen witha dialog box similar to the dialog box 406 of FIG. 4.

The above-described implementations of the present application areintended to be examples only. Alterations, modifications and variationsmay be effected to the particular implementations by those skilled inthe art without departing from the scope of the application, which isdefined by the claims appended hereto.

What is claimed is:
 1. A method of facilitating data protection on amobile communications device, said method comprising: receiving aninstruction to paste data into an e-mail message; determining that afirst service has been selected for transmission of said e-mail message;determining that said data is associated with a second service;preventing pasting of said data into said e-mail message; andcontrolling a display to present a dialog indicating that pasting ofsaid data into said e-mail message has been prevented.
 2. The method ofclaim 1 further comprising determining that said data is associated withsaid second service by determining that said data is associated with anidentifier of said second service.
 3. The method of claim 2 wherein saididentifier of said second service comprises a globally uniqueidentifier.
 4. The method of claim 3 wherein said identifier of saidsecond service comprises an e-mail address.
 5. The method of claim 1wherein said first service comprises an e-mail service.
 6. The method ofclaim 1 wherein said determining that said first service has beenselected for transmission of said e-mail message comprises determiningthat said second service is unavailable to be selected for transmissionof said e-mail message.
 7. The method of claim 1 wherein saiddetermining that said first service has been selected for transmissionof said e-mail message comprises determining that a service has beenselected for transmission of said e-mail message.
 8. A mobilecommunication device comprising: a communication subsystem; a display; aprocessing device adapted to: receive an instruction to paste data intoan e-mail message; determine that a first service has been selected fortransmission of said e-mail message using said communication subsystem;determine that said data is associated with a second service; preventpasting of said data into said e-mail message; and control said displayto present a dialog indicating that pasting of said data into saide-mail message has been prevented.
 9. A non-transitory computer-readablemedium containing computer-executable instructions that, when performedby a processor, cause said processor to: receive an instruction to pastedata into an e-mail message; determine that a first service has beenselected for transmission of said e-mail message; determine that saiddata is associated with a second service; prevent pasting of said datainto said e-mail message; and control a display to present a dialogindicating that pasting of said data into said e-mail message has beenprevented.